So when a user is blocked out from loggin in (a phisher or hacker)... I receive this message:

A user with IP address 80.35.80.139 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username to try to sign in.
User IP: 80.35.80.139
User hostname: 139.Red-80-35-80.staticIP.rima-tde.net

Is there anything I can do with that information?? A way to blacklist or further protect against them?

I have my settings set to auto lockout after one failed login attempt... since I'm the only one who should be logging in.

However, failed login attempts are common for wordpress as well as servers everywhere. It can be disconcerning to see them, but that is reality.

I would not try to block very many ip addresses, maybe just the ones that repeadly try over and over.

You might want to install a couple of plugins to show who is trying to login like "simple login Log" and "User Locker". Make sure you close comments on posts over two weeks old, and add another administrator user and remove the default "admin" user after that.

WordPress has poor password enforcement so you might want to install a plugin to improve that. Search for "enforce password" on the wordpress plugin site.

I just reread you first message and see you are the only user. I susggest you use a long password, say 15 characters with Mixed case, numbers and some special characters like "~!@#$%^&*()_+"

Then the Login log will show yourself and the people attempting unsuccessfuly to login.

Thanks for everything. I have followed your advice.. and I think I actually slept a little "safer" last night ;) I agree with the coding. The only reason I stuck with ID=1 is because I knew I would be the only admin on this particular installation.

@MickeyRoush,

YES!! I love this approach. That is correct. I am the only one who will ever need to login. No other users will ever need to login or register.

Forgive my green-ness. What is the best method to determine my ip address? Should I just use an online site?

And "TLD"? I'm assuming that would be my site home page?

So, then to test this I can try to use a friends computer (which will have a different ip) to login to the admin panel and make sure it redirects me to the home page?